Ernie Image Gen

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Baidu ERNIE image-generation helper that uses a local API key, sends prompts to Baidu, and saves generated PNG files locally.

Install only if you are comfortable sending image prompts and generation parameters to Baidu AI Studio. Keep AI_STUDIO_API_KEY in the environment and out of chat, avoid private or confidential prompt content, and choose or confirm the output folder when generating images.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 93%
Finding: The skill instructs the agent to read an API key from the environment, make network calls to Baidu AI Studio, and write generated files locally, but it does not declare these capabilities as permissions. Undeclared env/network/file-write behavior weakens reviewability and consent boundaries, increasing the risk of unexpected secret access, external data transfer, and local file creation in agent environments.

Vague Triggers

Medium
Confidence: 84%
Finding: The skill description contains broad trigger language such as generic image-generation requests and preference rules that may cause the agent to select this skill for common everyday phrases. Over-broad routing increases the chance of accidental invocation, causing user text to be sent to an external provider and files to be created without sufficiently explicit intent.

Vague Triggers

High
Confidence: 96%
Finding: The quick-trigger section says to 'generate immediately with defaults' for ambiguous phrases like 'draw' and '画画', with the text after the trigger treated as a prompt automatically. This creates an unsafe immediate-execution path that can exfiltrate arbitrary user-provided text to Baidu and write local files without a confirmation step, especially when triggers may appear in casual or quoted text.

VirusTotal

64/64 vendors flagged this skill as clean.